Details
-
Improvement
-
Status: Resolved
-
Minor
-
Resolution: Invalid
-
8.6.3
-
None
-
None
Description
The PKIAuthenticationPlugin [0] plugin will secure inter-node communication by injecting a custom header that will allow any destination node to verify tampering of message by checking against source node's public key. This header also contains a TTL value that exists to prevent replay attacks (default is 5 seconds).
Under very high load for increased periods of time, messages can start to expire, causing a spike in authorization errors. by trial and error, increasing the TTL value high enough seems to help the cluster get over the hump but it potentially only pushes the problem a bit futher ahead. Enabling inter-node encryption [1] can provide sufficient protection in transit so that the TTL check could be skipped.
I am proposing to introduce a new system property that will allow disabling of the TTL check only ("pkiauth.disableTTLVerification" name open to suggestions).
Note. The original description of this ticket has changed. based on the discussion below I have reduced the scope to introducing a system property as needed, off by default.
[0] https://solr.apache.org/guide/solr/latest/deployment-guide/authentication-and-authorization-plugins.html#pkiauthenticationplugin
[1] https://solr.apache.org/guide/solr/latest/deployment-guide/enabling-ssl.html